From 67544f36f9eea4ea24208af5926fffbc09e23faa Mon Sep 17 00:00:00 2001
From: Steve Riesenberg
Date: Fri, 29 Jul 2022 14:07:48 -0500
Subject: [PATCH] Remove references to WebSecurityConfigurerAdapter
* AbstractAuthenticationFilterConfigurer
* DefaultLoginPageConfigurer
* EnableGlobalAuthentication
* FormLoginConfigurer
* HeadersConfigurer
* HttpSecurity
* OpenIDLoginConfigurer
* RememberMeConfigurer
* WebSecurity
* WebSecurityConfiguration
* WebSecurityConfigurer
* X509Configurer
Closes gh-11288
---
.../EnableGlobalAuthentication.java | 40 +-
.../annotation/web/WebSecurityConfigurer.java | 11 +-
.../annotation/web/builders/HttpSecurity.java | 1090 +++++++++++------
.../annotation/web/builders/WebSecurity.java | 11 +-
.../WebSecurityConfiguration.java | 9 +-
...bstractAuthenticationFilterConfigurer.java | 10 +-
.../DefaultLoginPageConfigurer.java | 8 +-
.../web/configurers/FormLoginConfigurer.java | 14 +-
.../web/configurers/HeadersConfigurer.java | 6 +-
.../web/configurers/RememberMeConfigurer.java | 13 +-
.../web/configurers/X509Configurer.java | 7 +-
.../openid/OpenIDLoginConfigurer.java | 36 +-
12 files changed, 811 insertions(+), 444 deletions(-)
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java
index acc8fef818..7ed54d433e 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2013 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -39,10 +39,19 @@ import org.springframework.security.config.annotation.web.servlet.configuration.
* @EnableGlobalAuthentication
* public class MyGlobalAuthenticationConfiguration {
*
- * @Autowired
- * public void configureGlobal(AuthenticationManagerBuilder auth) {
- * auth.inMemoryAuthentication().withUser("user").password("password").roles("USER")
- * .and().withUser("admin").password("password").roles("USER", "ADMIN");
+ * @Bean
+ * public UserDetailsService userDetailsService() {
+ * UserDetails user = User.withDefaultPasswordEncoder()
+ * .username("user")
+ * .password("password")
+ * .roles("USER")
+ * .build();
+ * UserDetails admin = User.withDefaultPasswordEncoder()
+ * .username("admin")
+ * .password("password")
+ * .roles("ADMIN", "USER")
+ * .build();
+ * return new InMemoryUserDetailsManager(user, admin);
* }
* }
*
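Review bot: The replacement sample calls `User.withDefaultPasswordEncoder()` with the literal password `"password"`, and nothing in it tells the reader that this factory is intended for demos and getting-started code only (it is deprecated in `User` for that reason). These Javadoc samples tend to be copied into real configurations, so I would add a line inside the sample such as `// demo only: in production supply a PasswordEncoder bean and load credentials from outside the source`. The same applies to the second hunk of this file (`@@ -54,15 +63,24 @@`) and to every `userDetailsService()` sample this patch adds in HttpSecurity.java. The Javadoc block itself starts and ends outside the hunk.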
@@ -54,15 +63,24 @@ import org.springframework.security.config.annotation.web.servlet.configuration.
*
* @Configuration
* @EnableWebSecurity
- * public class MyWebSecurityConfiguration extends WebSecurityConfigurerAdapter {
+ * public class MyWebSecurityConfiguration {
*
- * @Autowired
- * public void configureGlobal(AuthenticationManagerBuilder auth) {
- * auth.inMemoryAuthentication().withUser("user").password("password").roles("USER")
- * .and().withUser("admin").password("password").roles("USER", "ADMIN");
+ * @Bean
+ * public UserDetailsService userDetailsService() {
+ * UserDetails user = User.withDefaultPasswordEncoder()
+ * .username("user")
+ * .password("password")
+ * .roles("USER")
+ * .build();
+ * UserDetails admin = User.withDefaultPasswordEncoder()
+ * .username("admin")
+ * .password("password")
+ * .roles("ADMIN", "USER")
+ * .build();
+ * return new InMemoryUserDetailsManager(user, admin);
* }
*
- * // Possibly overridden methods ...
+ * // Possibly more bean methods ...
* }
*
*
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/WebSecurityConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/WebSecurityConfigurer.java
index c7bc0578d5..91ca1c1a56 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/WebSecurityConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/WebSecurityConfigurer.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -23,19 +23,16 @@ import org.springframework.security.config.annotation.SecurityBuilder;
import org.springframework.security.config.annotation.SecurityConfigurer;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.SecurityFilterChain;
/**
* Allows customization to the {@link WebSecurity}. In most instances users will use
- * {@link EnableWebSecurity} and either create a {@link Configuration} that extends
- * {@link WebSecurityConfigurerAdapter} or expose a {@link SecurityFilterChain} bean. Both
- * will automatically be applied to the {@link WebSecurity} by the
- * {@link EnableWebSecurity} annotation.
+ * {@link EnableWebSecurity} and create a {@link Configuration} that exposes a
+ * {@link SecurityFilterChain} bean. This will automatically be applied to the
+ * {@link WebSecurity} by the {@link EnableWebSecurity} annotation.
*
* @author Rob Winch
* @since 3.2
- * @see WebSecurityConfigurerAdapter
* @see SecurityFilterChain
*/
public interface WebSecurityConfigurer> extends SecurityConfigurer {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
index 8a627ef310..6f9da8ab42 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
@@ -45,7 +45,6 @@ import org.springframework.security.config.annotation.web.AbstractRequestMatcher
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry;
@@ -114,16 +113,22 @@ import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
*
* @Configuration
* @EnableWebSecurity
- * public class FormLoginSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class FormLoginSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http.authorizeRequests().antMatchers("/**").hasRole("USER").and().formLogin();
+ * return http.build();
* }
*
- * @Override
- * protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- * auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
+ * @Bean
+ * public UserDetailsService userDetailsService() {
+ * UserDetails user = User.withDefaultPasswordEncoder()
+ * .username("user")
+ * .password("password")
+ * .roles("USER")
+ * .build();
+ * return new InMemoryUserDetailsManager(user);
* }
* }
*
@@ -181,22 +186,25 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class OpenIDLoginConfig extends WebSecurityConfigurerAdapter {
+ * public class OpenIDLoginConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http.authorizeRequests().antMatchers("/**").hasRole("USER").and().openidLogin()
* .permitAll();
+ * return http.build();
* }
*
- * @Override
- * protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- * auth.inMemoryAuthentication()
+ * @Bean
+ * public UserDetailsService userDetailsService() {
+ * UserDetails user = User.withDefaultPasswordEncoder()
* // the username must match the OpenID of the user you are
* // logging in with
- * .withUser(
+ * .username(
* "https://www.google.com/accounts/o8/id?id=lmkCn9xzPdsxVwG7pjYMuDgNNdASFmobNkcRPaWU")
- * .password("password").roles("USER");
+ * .password("password").roles("USER")
+ * .build();
+ * return new InMemoryUserDetailsManager(user);
* }
* }
*
@@ -208,10 +216,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class OpenIDLoginConfig extends WebSecurityConfigurerAdapter {
+ * public class OpenIDLoginConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http.authorizeRequests()
* .antMatchers("/**")
* .hasRole("USER")
@@ -233,6 +241,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class OpenIDLoginConfig extends WebSecurityConfigurerAdapter {
+ * public class OpenIDLoginConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeRequests((authorizeRequests) ->
* authorizeRequests
@@ -281,16 +290,19 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
@@ -302,10 +314,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class OpenIDLoginConfig extends WebSecurityConfigurerAdapter {
+ * public class OpenIDLoginConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http.authorizeRequests((authorizeRequests) ->
* authorizeRequests
* .antMatchers("/**").hasRole("USER")
@@ -355,6 +367,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class CsrfSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class CsrfSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .headers()
* .contentTypeOptions()
@@ -410,6 +423,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
@@ -419,13 +433,14 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class CsrfSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class CsrfSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .headers().disable()
* ...;
+ * return http.build();
* }
* }
*
@@ -439,10 +454,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class CsrfSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class CsrfSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .headers()
* .defaultsDisabled()
@@ -451,6 +466,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
@@ -462,16 +478,17 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class CsrfSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class CsrfSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .headers()
* .frameOptions()
* .disable()
* .and()
* ...;
+ * return http.build();
* }
* }
*
@@ -485,21 +502,20 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderExample Configurations
*
- * Accepting the default provided by {@link WebSecurityConfigurerAdapter} or only
- * invoking {@link #headers()} without invoking additional methods on it, is the
- * equivalent of:
+ * Accepting the default provided by {@link EnableWebSecurity} or only invoking
+ * {@link #headers()} without invoking additional methods on it, is the equivalent of:
*
*
* @Configuration
* @EnableWebSecurity
- * public class CsrfSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class CsrfSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .headers((headers) ->
* headers
@@ -509,6 +525,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
@@ -518,12 +535,13 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class CsrfSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class CsrfSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .headers((headers) -> headers.disable());
+ * return http.build();
* }
* }
*
@@ -537,10 +555,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class CsrfSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class CsrfSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .headers((headers) ->
* headers
@@ -548,6 +566,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
@@ -559,15 +578,17 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class CsrfSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class CsrfSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .headers((headers) ->
* headers
* .frameOptions((frameOptions) -> frameOptions.disable())
* );
+ * return http.build();
+ * }
* }
*
* @param headersCustomizer the {@link Customizer} to provide more options for the
@@ -602,12 +623,13 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class CorsSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class CorsSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .cors(withDefaults());
+ * return http.build();
* }
* }
*
@@ -634,18 +656,24 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class SessionManagementSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class SessionManagementSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http.authorizeRequests().anyRequest().hasRole("USER").and().formLogin()
* .permitAll().and().sessionManagement().maximumSessions(1)
* .expiredUrl("/login?expired");
+ * return http.build();
* }
*
- * @Override
- * protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- * auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
+ * @Bean
+ * public UserDetailsService userDetailsService() {
+ * UserDetails user = User.withDefaultPasswordEncoder()
+ * .username("user")
+ * .password("password")
+ * .roles("USER")
+ * .build();
+ * return new InMemoryUserDetailsManager(user);
* }
* }
*
@@ -685,10 +713,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class SessionManagementSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class SessionManagementSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeRequests((authorizeRequests) ->
* authorizeRequests
@@ -706,6 +734,17 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
@@ -754,19 +793,25 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class PortMapperSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class PortMapperSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http.authorizeRequests().antMatchers("/**").hasRole("USER").and().formLogin()
* .permitAll().and()
* // Example portMapper() configuration
* .portMapper().http(9090).mapsTo(9443).http(80).mapsTo(443);
+ * return http.build();
* }
*
- * @Override
- * protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- * auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
+ * @Bean
+ * public UserDetailsService userDetailsService() {
+ * UserDetails user = User.withDefaultPasswordEncoder()
+ * .username("user")
+ * .password("password")
+ * .roles("USER")
+ * .build();
+ * return new InMemoryUserDetailsManager(user);
* }
* }
*
@@ -796,10 +841,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class PortMapperSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class PortMapperSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .requiresChannel((requiresChannel) ->
* requiresChannel
@@ -810,6 +855,17 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
@@ -838,13 +894,14 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class JeeSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class JeeSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http.authorizeRequests().antMatchers("/**").hasRole("USER").and()
* // Example jee() configuration
* .jee().mappableRoles("USER", "ADMIN");
+ * return http.build();
* }
* }
*
@@ -909,10 +966,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class JeeSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class JeeSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeRequests((authorizeRequests) ->
* authorizeRequests
@@ -922,6 +979,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
@@ -988,13 +1046,14 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class X509SecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class X509SecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http.authorizeRequests().antMatchers("/**").hasRole("USER").and()
* // Example x509() configuration
* .x509();
+ * return http.build();
* }
* }
*
@@ -1017,16 +1076,17 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class X509SecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class X509SecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeRequests((authorizeRequests) ->
* authorizeRequests
* .antMatchers("/**").hasRole("USER")
* )
* .x509(withDefaults());
+ * return http.build();
* }
* }
*
@@ -1053,19 +1113,25 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class RememberMeSecurityConfig extends WebSecurityConfigurerAdapter {
- *
- * @Override
- * protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- * auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
- * }
+ * public class RememberMeSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http.authorizeRequests().antMatchers("/**").hasRole("USER").and().formLogin()
* .permitAll().and()
* // Example Remember Me Configuration
* .rememberMe();
+ * return http.build();
+ * }
+ *
+ * @Bean
+ * public UserDetailsService userDetailsService() {
+ * UserDetails user = User.withDefaultPasswordEncoder()
+ * .username("user")
+ * .password("password")
+ * .roles("USER")
+ * .build();
+ * return new InMemoryUserDetailsManager(user);
* }
* }
*
@@ -1089,10 +1155,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class RememberMeSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class RememberMeSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeRequests((authorizeRequests) ->
* authorizeRequests
@@ -1100,6 +1166,17 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
@@ -1127,17 +1204,27 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class AuthorizeUrlsSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class AuthorizeUrlsSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http.authorizeRequests().antMatchers("/**").hasRole("USER").and().formLogin();
+ * return http.build();
* }
*
- * @Override
- * protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- * auth.inMemoryAuthentication().withUser("user").password("password").roles("USER")
- * .and().withUser("admin").password("password").roles("ADMIN", "USER");
+ * @Bean
+ * public UserDetailsService userDetailsService() {
+ * UserDetails user = User.withDefaultPasswordEncoder()
+ * .username("user")
+ * .password("password")
+ * .roles("USER")
+ * .build();
+ * UserDetails admin = User.withDefaultPasswordEncoder()
+ * .username("admin")
+ * .password("password")
+ * .roles("ADMIN", "USER")
+ * .build();
+ * return new InMemoryUserDetailsManager(user, admin);
* }
* }
*
@@ -1149,18 +1236,28 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class AuthorizeUrlsSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class AuthorizeUrlsSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http.authorizeRequests().antMatchers("/admin/**").hasRole("ADMIN")
* .antMatchers("/**").hasRole("USER").and().formLogin();
+ * return http.build();
* }
*
- * @Override
- * protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- * auth.inMemoryAuthentication().withUser("user").password("password").roles("USER")
- * .and().withUser("admin").password("password").roles("ADMIN", "USER");
+ * @Bean
+ * public UserDetailsService userDetailsService() {
+ * UserDetails user = User.withDefaultPasswordEncoder()
+ * .username("user")
+ * .password("password")
+ * .roles("USER")
+ * .build();
+ * UserDetails admin = User.withDefaultPasswordEncoder()
+ * .username("admin")
+ * .password("password")
+ * .roles("ADMIN", "USER")
+ * .build();
+ * return new InMemoryUserDetailsManager(user, admin);
* }
* }
*
@@ -1170,8 +1267,17 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
- * http.authorizeRequests().antMatchers("/**").hasRole("USER").antMatchers("/admin/**")
- * .hasRole("ADMIN")
+ * @Configuration
+ * @EnableWebSecurity
+ * public class AuthorizeUrlsSecurityConfig {
+ *
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ * http.authorizeRequests().antMatchers("/**").hasRole("USER").antMatchers("/admin/**")
+ * .hasRole("ADMIN")
+ * return http.build();
+ * }
+ * }
*
* @return the {@link ExpressionUrlAuthorizationConfigurer} for further customizations
* @throws Exception
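Review bot: The added sample does not compile as written, because the chain ending in `.hasRole("ADMIN")` has no terminating semicolon before `return http.build();`; it should read `.hasRole("ADMIN");`. Separately, the snippet is now wrapped in a complete `@Configuration` class, yet it registers `antMatchers("/**")` before `antMatchers("/admin/**")`, so the first rule matches every request and the ADMIN rule is never consulted. If the surrounding Javadoc (outside this hunk) is what marks this as the ordering to avoid, I would repeat that inside the sample, e.g. `// WRONG ORDER: "/**" matches first, so the "/admin/**" rule is never evaluated`. The same ordering appears in the hunks at `@@ -1239,16 +1377,17 @@` and `@@ -1321,16 +1492,17 @@`.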
@@ -1196,16 +1302,32 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class AuthorizeUrlsSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class AuthorizeUrlsSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeRequests((authorizeRequests) ->
* authorizeRequests
* .antMatchers("/**").hasRole("USER")
* )
* .formLogin(withDefaults());
+ * return http.build();
+ * }
+ *
+ * @Bean
+ * public UserDetailsService userDetailsService() {
+ * UserDetails user = User.withDefaultPasswordEncoder()
+ * .username("user")
+ * .password("password")
+ * .roles("USER")
+ * .build();
+ * UserDetails admin = User.withDefaultPasswordEncoder()
+ * .username("admin")
+ * .password("password")
+ * .roles("ADMIN", "USER")
+ * .build();
+ * return new InMemoryUserDetailsManager(user, admin);
* }
* }
*
@@ -1217,10 +1339,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class AuthorizeUrlsSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class AuthorizeUrlsSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeRequests((authorizeRequests) ->
* authorizeRequests
@@ -1228,6 +1350,22 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
@@ -1239,16 +1377,17 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class AuthorizeUrlsSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class AuthorizeUrlsSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeRequests((authorizeRequests) ->
* authorizeRequests
* .antMatchers("/**").hasRole("USER")
* .antMatchers("/admin/**").hasRole("ADMIN")
* );
+ * return http.build();
* }
* }
*
@@ -1280,15 +1419,31 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class AuthorizeUrlsSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class AuthorizeUrlsSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeHttpRequests()
* .antMatchers("/**").hasRole("USER")
* .and()
* .formLogin();
+ * return http.build();
+ * }
+ *
+ * @Bean
+ * public UserDetailsService userDetailsService() {
+ * UserDetails user = User.withDefaultPasswordEncoder()
+ * .username("user")
+ * .password("password")
+ * .roles("USER")
+ * .build();
+ * UserDetails admin = User.withDefaultPasswordEncoder()
+ * .username("admin")
+ * .password("password")
+ * .roles("ADMIN", "USER")
+ * .build();
+ * return new InMemoryUserDetailsManager(user, admin);
* }
* }
*
@@ -1300,16 +1455,32 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class AuthorizeUrlsSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class AuthorizeUrlsSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeHttpRequests()
* .antMatchers("/admin").hasRole("ADMIN")
* .antMatchers("/**").hasRole("USER")
* .and()
* .formLogin();
+ * return http.build();
+ * }
+ *
+ * @Bean
+ * public UserDetailsService userDetailsService() {
+ * UserDetails user = User.withDefaultPasswordEncoder()
+ * .username("user")
+ * .password("password")
+ * .roles("USER")
+ * .build();
+ * UserDetails admin = User.withDefaultPasswordEncoder()
+ * .username("admin")
+ * .password("password")
+ * .roles("ADMIN", "USER")
+ * .build();
+ * return new InMemoryUserDetailsManager(user, admin);
* }
* }
*
@@ -1321,16 +1492,17 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class AuthorizeUrlsSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class AuthorizeUrlsSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeHttpRequests()
* .antMatchers("/**").hasRole("USER")
* .antMatchers("/admin/**").hasRole("ADMIN")
* .and()
* .formLogin();
+ * return http.build();
* }
* }
*
@@ -1358,16 +1530,32 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class AuthorizeUrlsSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class AuthorizeUrlsSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeHttpRequests((authorizeHttpRequests) ->
* authorizeHttpRequests
* .antMatchers("/**").hasRole("USER")
* )
* .formLogin(withDefaults());
+ * return http.build();
+ * }
+ *
+ * @Bean
+ * public UserDetailsService userDetailsService() {
+ * UserDetails user = User.withDefaultPasswordEncoder()
+ * .username("user")
+ * .password("password")
+ * .roles("USER")
+ * .build();
+ * UserDetails admin = User.withDefaultPasswordEncoder()
+ * .username("admin")
+ * .password("password")
+ * .roles("ADMIN", "USER")
+ * .build();
+ * return new InMemoryUserDetailsManager(user, admin);
* }
* }
*
@@ -1379,10 +1567,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class AuthorizeUrlsSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class AuthorizeUrlsSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeHttpRequests((authorizeHttpRequests) ->
* authorizeHttpRequests
@@ -1390,6 +1578,22 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
@@ -1401,16 +1605,17 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class AuthorizeUrlsSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class AuthorizeUrlsSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeHttpRequests((authorizeHttpRequests) ->
* authorizeHttpRequests
* .antMatchers("/**").hasRole("USER")
* .antMatchers("/admin/**").hasRole("ADMIN")
* );
+ * return http.build();
* }
* }
*
@@ -1435,7 +1640,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderExample Custom Configuration
*
@@ -1457,10 +1662,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class RequestCacheDisabledSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class RequestCacheDisabledSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeRequests((authorizeRequests) ->
* authorizeRequests
@@ -1469,6 +1674,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
@@ -1485,7 +1691,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderExample Custom Configuration
*
@@ -1505,10 +1711,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class ExceptionHandlingSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class ExceptionHandlingSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeRequests((authorizeRequests) ->
* authorizeRequests
@@ -1519,6 +1725,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
@@ -1536,7 +1743,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class SecurityContextSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class SecurityContextSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .securityContext((securityContext) ->
* securityContext
* .securityContextRepository(SCR)
* );
+ * return http.build();
* }
* }
*
@@ -1580,7 +1788,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class ServletApiSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class ServletApiSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .servletApi((servletApi) ->
* servletApi.disable()
* );
+ * return http.build();
* }
* }
*
@@ -1620,19 +1829,19 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class CsrfSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class CsrfSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .csrf().disable()
* ...;
+ * return http.build();
* }
* }
*
@@ -1646,18 +1855,18 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class CsrfSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class CsrfSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .csrf((csrf) -> csrf.disable());
+ * return http.build();
* }
* }
*
@@ -1674,8 +1883,8 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class LogoutSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class LogoutSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http.authorizeRequests().antMatchers("/**").hasRole("USER").and().formLogin()
* .and()
* // sample logout customization
* .logout().deleteCookies("remove").invalidateHttpSession(false)
* .logoutUrl("/custom-logout").logoutSuccessUrl("/logout-success");
+ * return http.build();
* }
*
- * @Override
- * protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- * auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
+ * @Bean
+ * public UserDetailsService userDetailsService() {
+ * UserDetails user = User.withDefaultPasswordEncoder()
+ * .username("user")
+ * .password("password")
+ * .roles("USER")
+ * .build();
+ * return new InMemoryUserDetailsManager(user);
* }
* }
*
@@ -1714,8 +1929,8 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class LogoutSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class LogoutSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeRequests((authorizeRequests) ->
* authorizeRequests
@@ -1745,6 +1960,17 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
@@ -1760,8 +1986,8 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class AnonymousSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class AnonymousSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeRequests()
* .antMatchers("/**").hasRole("USER")
@@ -1785,11 +2011,17 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
@@ -1801,10 +2033,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class AnonymousSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class AnonymousSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeRequests()
* .antMatchers("/**").hasRole("USER")
@@ -1813,11 +2045,17 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
@@ -1830,8 +2068,8 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class AnonymousSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class AnonymousSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeRequests((authorizeRequests) ->
* authorizeRequests
@@ -1857,7 +2095,18 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
@@ -1869,10 +2118,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class AnonymousSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class AnonymousSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeRequests((authorizeRequests) ->
* authorizeRequests
@@ -1883,11 +2132,17 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
@@ -1916,16 +2171,22 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class FormLoginSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class FormLoginSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http.authorizeRequests().antMatchers("/**").hasRole("USER").and().formLogin();
+ * return http.build();
* }
*
- * @Override
- * protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- * auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
+ * @Bean
+ * public UserDetailsService userDetailsService() {
+ * UserDetails user = User.withDefaultPasswordEncoder()
+ * .username("user")
+ * .password("password")
+ * .roles("USER")
+ * .build();
+ * return new InMemoryUserDetailsManager(user);
* }
* }
*
@@ -1935,10 +2196,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class FormLoginSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class FormLoginSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http.authorizeRequests().antMatchers("/**").hasRole("USER").and().formLogin()
* .usernameParameter("username") // default is username
* .passwordParameter("password") // default is password
@@ -1947,11 +2208,17 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
@@ -1978,16 +2245,27 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class FormLoginSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class FormLoginSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeRequests((authorizeRequests) ->
* authorizeRequests
* .antMatchers("/**").hasRole("USER")
* )
* .formLogin(withDefaults());
+ * return http.build();
+ * }
+ *
+ * @Bean
+ * public UserDetailsService userDetailsService() {
+ * UserDetails user = User.withDefaultPasswordEncoder()
+ * .username("user")
+ * .password("password")
+ * .roles("USER")
+ * .build();
+ * return new InMemoryUserDetailsManager(user);
* }
* }
*
@@ -1997,10 +2275,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class FormLoginSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class FormLoginSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeRequests((authorizeRequests) ->
* authorizeRequests
@@ -2014,6 +2292,17 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
@@ -2065,19 +2354,18 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
- * public class Saml2LoginConfig {
+ * @EnableWebSecurity
+ * public class Saml2LoginSecurityConfig {
*
- * @EnableWebSecurity
- * public static class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
- * http
- * .authorizeRequests()
- * .anyRequest().authenticated()
- * .and()
- * .saml2Login();
- * }
- * }
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ * http
+ * .authorizeRequests()
+ * .anyRequest().authenticated()
+ * .and()
+ * .saml2Login();
+ * return http.build();
+ * }
*
* @Bean
* public RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() {
@@ -2098,13 +2386,13 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
*
@@ -2154,19 +2442,19 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
- * public class Saml2LoginConfig {
+ * @EnableWebSecurity
+ * public class Saml2LoginSecurityConfig {
*
- * @EnableWebSecurity
- * public static class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
- * http
- * .authorizeRequests()
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ * http
+ * .authorizeRequests((authorizeRequests) ->
+ * authorizeRequests
* .anyRequest().authenticated()
- * .and()
- * .saml2Login(withDefaults());
- * }
- * }
+ * )
+ * .saml2Login(withDefaults());
+ * return http.build();
+ * }
*
* @Bean
* public RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() {
@@ -2187,13 +2475,13 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
*
@@ -2390,19 +2678,18 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
- * public class OAuth2LoginConfig {
+ * @EnableWebSecurity
+ * public class OAuth2LoginSecurityConfig {
*
- * @EnableWebSecurity
- * public static class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
- * http
- * .authorizeRequests()
- * .anyRequest().authenticated()
- * .and()
- * .oauth2Login();
- * }
- * }
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ * http
+ * .authorizeRequests()
+ * .anyRequest().authenticated()
+ * .and()
+ * .oauth2Login();
+ * return http.build();
+ * }
*
* @Bean
* public ClientRegistrationRepository clientRegistrationRepository() {
@@ -2490,20 +2777,19 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
- * public class OAuth2LoginConfig {
+ * @EnableWebSecurity
+ * public class OAuth2LoginSecurityConfig {
*
- * @EnableWebSecurity
- * public static class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
- * http
- * .authorizeRequests((authorizeRequests) ->
- * authorizeRequests
- * .anyRequest().authenticated()
- * )
- * .oauth2Login(withDefaults());
- * }
- * }
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ * http
+ * .authorizeRequests((authorizeRequests) ->
+ * authorizeRequests
+ * .anyRequest().authenticated()
+ * )
+ * .oauth2Login(withDefaults());
+ * return http.build();
+ * }
*
* @Bean
* public ClientRegistrationRepository clientRegistrationRepository() {
@@ -2577,16 +2863,18 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter {
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * public class OAuth2ClientSecurityConfig {
+ *
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeRequests((authorizeRequests) ->
* authorizeRequests
* .anyRequest().authenticated()
* )
* .oauth2Client(withDefaults());
- * }
+ * return http.build();
+ * }
* }
*
* @param oauth2ClientCustomizer the {@link Customizer} to provide more options for
@@ -2630,13 +2918,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class OAuth2ResourceServerSecurityConfig {
*
- * @Value("${spring.security.oauth2.resourceserver.jwt.key-value}")
- * RSAPublicKey key;
- *
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeRequests((authorizeRequests) ->
* authorizeRequests
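Review bot: Removing `@Value("${spring.security.oauth2.resourceserver.jwt.key-value}")` and `RSAPublicKey key;` leaves the resource-server sample with no visible source for the JWT verification key. The rest of the example lies outside this hunk, so this is unconfirmed, but if it still builds its decoder from `this.key` the snippet now references an undeclared field. It would also stop showing that the key comes from configuration rather than code. I would keep those two lines in the renamed `OAuth2ResourceServerSecurityConfig`, or show the key being injected into the decoder bean method instead.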
@@ -2649,7 +2934,8 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class ChannelSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class ChannelSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http.authorizeRequests().antMatchers("/**").hasRole("USER").and().formLogin()
* .and().requiresChannel().anyRequest().requiresSecure();
+ * return http.build();
* }
*
- * @Override
- * protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- * auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
+ * @Bean
+ * public UserDetailsService userDetailsService() {
+ * UserDetails user = User.withDefaultPasswordEncoder()
+ * .username("user")
+ * .password("password")
+ * .roles("USER")
+ * .build();
+ * return new InMemoryUserDetailsManager(user);
* }
* }
*
@@ -2726,10 +3018,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class ChannelSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class ChannelSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeRequests((authorizeRequests) ->
* authorizeRequests
@@ -2740,6 +3032,17 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
@@ -2768,16 +3071,22 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class HttpBasicSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class HttpBasicSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http.authorizeRequests().antMatchers("/**").hasRole("USER").and().httpBasic();
+ * return http.build();
* }
*
- * @Override
- * protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- * auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
+ * @Bean
+ * public UserDetailsService userDetailsService() {
+ * UserDetails user = User.withDefaultPasswordEncoder()
+ * .username("user")
+ * .password("password")
+ * .roles("USER")
+ * .build();
+ * return new InMemoryUserDetailsManager(user);
* }
* }
*
@@ -2800,16 +3109,27 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class HttpBasicSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class HttpBasicSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeRequests((authorizeRequests) ->
* authorizeRequests
* .antMatchers("/**").hasRole("USER")
* )
* .httpBasic(withDefaults());
+ * return http.build();
+ * }
+ *
+ * @Bean
+ * public UserDetailsService userDetailsService() {
+ * UserDetails user = User.withDefaultPasswordEncoder()
+ * .username("user")
+ * .password("password")
+ * .roles("USER")
+ * .build();
+ * return new InMemoryUserDetailsManager(user);
* }
* }
*
@@ -2834,10 +3154,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class PasswordManagementSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class PasswordManagementSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeRequests(authorizeRequests ->
* authorizeRequests
@@ -2847,7 +3167,8 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @param passwordManagementCustomizer the {@link Customizer} to provide more options
@@ -2995,10 +3316,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class RequestMatchersSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class RequestMatchersSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .requestMatchers()
* .antMatchers("/api/**", "/oauth/**")
@@ -3007,13 +3328,17 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
@@ -3023,10 +3348,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class RequestMatchersSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class RequestMatchersSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .requestMatchers()
* .antMatchers("/api/**")
@@ -3036,13 +3361,17 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
@@ -3052,10 +3381,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class RequestMatchersSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class RequestMatchersSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .requestMatchers()
* .antMatchers("/api/**")
@@ -3067,13 +3396,17 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
@@ -3106,10 +3439,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class RequestMatchersSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class RequestMatchersSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .requestMatchers((requestMatchers) ->
* requestMatchers
@@ -3120,6 +3453,17 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
@@ -3129,10 +3473,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class RequestMatchersSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class RequestMatchersSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .requestMatchers((requestMatchers) ->
* requestMatchers
@@ -3144,6 +3488,17 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
@@ -3153,10 +3508,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @Configuration
* @EnableWebSecurity
- * public class RequestMatchersSecurityConfig extends WebSecurityConfigurerAdapter {
+ * public class RequestMatchersSecurityConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) throws Exception {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .requestMatchers((requestMatchers) ->
* requestMatchers
@@ -3171,6 +3526,17 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
index 4364968a3d..1548efdf6b 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
@@ -42,7 +42,6 @@ import org.springframework.security.config.annotation.web.AbstractRequestMatcher
import org.springframework.security.config.annotation.web.WebSecurityConfigurer;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.web.DefaultSecurityFilterChain;
@@ -77,8 +76,7 @@ import org.springframework.web.filter.DelegatingFilterProxy;
*
*
* Customizations to the {@link WebSecurity} can be made by creating a
- * {@link WebSecurityConfigurer}, overriding {@link WebSecurityConfigurerAdapter} or
- * exposing a {@link WebSecurityCustomizer} bean.
+ * {@link WebSecurityConfigurer} or exposing a {@link WebSecurityCustomizer} bean.
*
*
* @author Rob Winch
@@ -200,7 +198,7 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder
* Typically this method is invoked automatically within the framework from
- * {@link WebSecurityConfigurerAdapter#init(WebSecurity)}
+ * {@link WebSecurityConfiguration#springSecurityFilterChain()}
*
* @param securityFilterChainBuilder the builder to use to create the
* {@link SecurityFilterChain} instances
@@ -258,7 +256,7 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder "At least one SecurityBuilder extends SecurityFilterChain> needs to be specified. "
- + "Typically this is done by exposing a SecurityFilterChain bean "
- + "or by adding a @Configuration that extends WebSecurityConfigurerAdapter. "
+ + "Typically this is done by exposing a SecurityFilterChain bean. "
+ "More advanced users can invoke " + WebSecurity.class.getSimpleName()
+ ".addSecurityFilterChainBuilder directly");
int chainSize = this.ignoredRequests.size() + this.securityFilterChainBuilders.size();
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
index 1af50254c9..9d73ce7536 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -54,10 +54,9 @@ import org.springframework.util.Assert;
/**
* Uses a {@link WebSecurity} to create the {@link FilterChainProxy} that performs the web
* based security for Spring Security. It then exports the necessary beans. Customizations
- * can be made to {@link WebSecurity} by extending {@link WebSecurityConfigurerAdapter}
- * and exposing it as a {@link Configuration} or implementing
- * {@link WebSecurityConfigurer} and exposing it as a {@link Configuration}. This
- * configuration is imported when using {@link EnableWebSecurity}.
+ * can be made to {@link WebSecurity} by implementing {@link WebSecurityConfigurer} and
+ * exposing it as a {@link Configuration} or exposing a {@link WebSecurityCustomizer}
+ * bean. This configuration is imported when using {@link EnableWebSecurity}.
*
* @author Rob Winch
* @author Keesun Baik
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java
index 44a8e84021..1b2eb3fc7c 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java
@@ -25,7 +25,7 @@ import org.springframework.http.MediaType;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.PortMapper;
@@ -307,14 +307,14 @@ public abstract class AbstractAuthenticationFilterConfigurer
* Specifies the URL to send users to if login is required. If used with
- * {@link WebSecurityConfigurerAdapter} a default login page will be generated when
- * this attribute is not specified.
+ * {@link EnableWebSecurity} a default login page will be generated when this
+ * attribute is not specified.
*
*
*
* If a URL is specified or this is not being used in conjunction with
- * {@link WebSecurityConfigurerAdapter}, users are required to process the specified
- * URL to generate a login page.
+ * {@link EnableWebSecurity}, users are required to process the specified URL to
+ * generate a login page.
*
*/
protected T loginPage(String loginPage) {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java
index 95bea02fcf..503851628d 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -22,7 +22,7 @@ import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter;
@@ -30,7 +30,7 @@ import org.springframework.security.web.csrf.CsrfToken;
/**
* Adds a Filter that will generate a login page if one is not specified otherwise when
- * using {@link WebSecurityConfigurerAdapter}.
+ * using {@link EnableWebSecurity}.
*
*
* By default an
@@ -64,7 +64,7 @@ import org.springframework.security.web.csrf.CsrfToken;
*
* @author Rob Winch
* @since 3.2
- * @see WebSecurityConfigurerAdapter
+ * @see EnableWebSecurity
*/
public final class DefaultLoginPageConfigurer>
extends AbstractHttpConfigurer, H> {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurer.java
index 32db2e8f16..861288c2a5 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurer.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2013 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -18,7 +18,7 @@ package org.springframework.security.config.annotation.web.configurers;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.ForwardAuthenticationFailureHandler;
import org.springframework.security.web.authentication.ForwardAuthenticationSuccessHandler;
@@ -84,15 +84,15 @@ public final class FormLoginConfigurer> extends
/**
*
* Specifies the URL to send users to if login is required. If used with
- * {@link WebSecurityConfigurerAdapter} a default login page will be generated when
- * this attribute is not specified.
+ * {@link EnableWebSecurity} a default login page will be generated when this
+ * attribute is not specified.
*
*
*
* If a URL is specified or this is not being used in conjunction with
- * {@link WebSecurityConfigurerAdapter}, users are required to process the specified
- * URL to generate a login page. In general, the login page should create a form that
- * submits a request with the following requirements to work with
+ * {@link EnableWebSecurity}, users are required to process the specified URL to
+ * generate a login page. In general, the login page should create a form that submits
+ * a request with the following requirements to work with
* {@link UsernamePasswordAuthenticationFilter}:
*
*
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
index bd20c50953..3caa6e2d7e 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -26,7 +26,7 @@ import javax.servlet.http.HttpServletRequest;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.header.HeaderWriter;
import org.springframework.security.web.header.HeaderWriterFilter;
import org.springframework.security.web.header.writers.CacheControlHeadersWriter;
@@ -50,7 +50,7 @@ import org.springframework.util.Assert;
/**
*
* Adds the Security HTTP headers to the response. Security HTTP headers is activated by
- * default when using {@link WebSecurityConfigurerAdapter}'s default constructor.
+ * default when using {@link EnableWebSecurity}'s default constructor.
*
*
*
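Review bot: The replaced sentence in the class Javadoc now reads `{@link EnableWebSecurity}'s default constructor`, which no longer makes sense. `EnableWebSecurity` is used as an annotation (see the `@EnableWebSecurity` example elsewhere in this patch), so it has no constructor to refer to. The phrase was carried over from the `WebSecurityConfigurerAdapter` wording. I would shorten the line to `* default when using {@link EnableWebSecurity}.` so readers are not sent looking for a constructor that controls whether security headers are on. The Javadoc block continues past the end of this hunk.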
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java
index ad4e1c082b..0fd48f181d 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java
@@ -22,10 +22,8 @@ import org.springframework.beans.factory.NoSuchBeanDefinitionException;
import org.springframework.context.ApplicationContext;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.RememberMeAuthenticationProvider;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
@@ -150,13 +148,10 @@ public final class RememberMeConfigurer>
/**
* Specifies the {@link UserDetailsService} used to look up the {@link UserDetails}
- * when a remember me token is valid. The default is to use the
- * {@link UserDetailsService} found by invoking
- * {@link HttpSecurity#getSharedObject(Class)} which is set when using
- * {@link WebSecurityConfigurerAdapter#configure(AuthenticationManagerBuilder)}. When
- * using a {@link org.springframework.security.web.SecurityFilterChain} bean, the
- * default is to look for a {@link UserDetailsService} bean. Alternatively, one can
- * populate {@link #rememberMeServices(RememberMeServices)}.
+ * when a remember me token is valid. When using a
+ * {@link org.springframework.security.web.SecurityFilterChain} bean, the default is
+ * to look for a {@link UserDetailsService} bean. Alternatively, one can populate
+ * {@link #rememberMeServices(RememberMeServices)}.
* @param userDetailsService the {@link UserDetailsService} to configure
* @return the {@link RememberMeConfigurer} for further customization
* @see AbstractRememberMeServices
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
index b557664d4d..3309734cf0 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
@@ -24,13 +24,11 @@ import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.AuthenticationEntryPoint;
-import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
@@ -144,10 +142,7 @@ public final class X509Configurer>
/**
* Specifies the {@link AuthenticationUserDetailsService} to use. If not specified,
- * the shared {@link UserDetailsService} will be used to create a
- * {@link UserDetailsByNameServiceWrapper}. If a {@link SecurityFilterChain} bean is
- * used instead of the {@link WebSecurityConfigurerAdapter}, then the
- * {@link UserDetailsService} bean will be used by default.
+ * then the {@link UserDetailsService} bean will be used by default.
* @param authenticationUserDetailsService the
* {@link AuthenticationUserDetailsService} to use
* @return the {@link X509Configurer} for further customizations
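Review bot: The rewritten Javadoc sentence drops the statement that the `UserDetailsService` is adapted through a `UserDetailsByNameServiceWrapper`. The import hunk above keeps both `UserDetailsByNameServiceWrapper` and `UserDetailsService`, so the wrapping presumably still happens in the method body, which is outside this hunk. If so, I would keep that detail, for example `* If not specified, the {@link UserDetailsService} bean is wrapped in a {@link UserDetailsByNameServiceWrapper} and used by default.` This also removes the redundant "If not specified, then … by default" phrasing.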
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java
index 0d618ce01e..5acc17bcf3 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2019 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -31,7 +31,7 @@ import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
import org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer;
import org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer;
@@ -61,29 +61,29 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
* Example Configuration
*
*
- *
* @Configuration
* @EnableWebSecurity
- * public class OpenIDLoginConfig extends WebSecurityConfigurerAdapter {
+ * public class OpenIDLoginConfig {
*
- * @Override
- * protected void configure(HttpSecurity http) {
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .authorizeRequests()
* .antMatchers("/**").hasRole("USER")
* .and()
* .openidLogin()
* .permitAll();
+ * return http.build();
* }
*
- * @Override
- * protected void configure(AuthenticationManagerBuilder auth)(
- * AuthenticationManagerBuilder auth) throws Exception {
- * auth
- * .inMemoryAuthentication()
- * .withUser("https://www.google.com/accounts/o8/id?id=lmkCn9xzPdsxVwG7pjYMuDgNNdASFmobNkcRPaWU")
- * .password("password")
- * .roles("USER");
+ * @Bean
+ * public UserDetailsService userDetailsService() {
+ * UserDetails user = User.withDefaultPasswordEncoder()
+ * .username("https://www.google.com/accounts/o8/id?id=lmkCn9xzPdsxVwG7pjYMuDgNNdASFmobNkcRPaWU")
+ * .password("password")
+ * .roles("USER")
+ * .build();
+ * return new InMemoryUserDetailsManager(user);
* }
* }
*
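Review bot: The new example `userDetailsService()` bean builds its user with `User.withDefaultPasswordEncoder()` and the literal `.password("password")`, with nothing marking it as sample-only. That builder is deprecated in Spring Security precisely to signal that it is unsuitable for production, and Javadoc examples tend to be copied verbatim. I would add one comment line inside the example above the builder call, e.g. `// Sample only: withDefaultPasswordEncoder() is not intended for production use`. The surrounding class Javadoc starts before and continues after this hunk.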
@@ -229,14 +229,14 @@ public final class OpenIDLoginConfigurer>
/**
*
* Specifies the URL to send users to if login is required. If used with
- * {@link WebSecurityConfigurerAdapter} a default login page will be generated when
- * this attribute is not specified.
+ * {@link EnableWebSecurity} a default login page will be generated when this
+ * attribute is not specified.
*
*
*
* If a URL is specified or this is not being used in conjunction with
- * {@link WebSecurityConfigurerAdapter}, users are required to process the specified
- * URL to generate a login page.
+ * {@link EnableWebSecurity}, users are required to process the specified URL to
+ * generate a login page.
*
*
*